Merge releases/v4 into releases/v3 by github-actions[bot] · Pull Request #3784 · github/codeql-action · GitHub
Skip to content

Merge releases/v4 into releases/v3#3784

Merged
henrymercer merged 16 commits intoreleases/v3from
backport-v3.35.1-c10b8064d
Mar 27, 2026
Merged

Merge releases/v4 into releases/v3#3784
henrymercer merged 16 commits intoreleases/v3from
backport-v3.35.1-c10b8064d

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Mar 27, 2026

Merging c10b806 into releases/v3.

Conductor for this PR is @henrymercer.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.
  • Wait for the "Rebuild" workflow to push a commit updating the distribution files.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.

dependabot Bot and others added 15 commits March 27, 2026 10:25
@dependabot
Bump node-forge from 1.3.3 to 1.4.0
22eba96 
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.3 to 1.4.0.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.3...v1.4.0)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
36791d8
@github-actions
Update changelog and version after v4.35.0
7c51060
@github-actions
Rebuild
24448c9
@henrymercer
Merge pull request #3777 from github/mergeback/v4.35.0-to-main-b8bb9f28
45ceeea 
Mergeback v4.35.0 refs/heads/releases/v4 into main
@mbg
Merge pull request #3775 from github/dependabot/npm_and_yarn/node-for…
ea5f719 
…ge-1.4.0

Bump node-forge from 1.3.3 to 1.4.0
@henrymercer
Update minimum git version for overlay to 2.36.0
2437b20
@henrymercer
Add changelog note
65d2efa
@henrymercer
Merge pull request #3781 from github/henrymercer/update-git-minimum-v…
d6d1743 
…ersion

Update minimum Git version for overlay to 2.36.0
@github-actions
Update changelog for v4.35.1
c5ffd06
@henrymercer
Merge pull request #3782 from github/update-v4.35.1-d6d1743b8
c10b806 
Merge main into releases/v4
@github-actions
Revert "Update version and changelog for v3.35.0"
4d2fde9 
This reverts commit 124f6ee.
@github-actions
Revert "Rebuild"
8bb5bdb 
This reverts commit b1a5f00.
@github-actions
Merge remote-tracking branch 'origin/releases/v4' into backport-v3.35…
557b58c 
….1-c10b8064d
@github-actions
Update version and changelog for v3.35.1
c983cb8
@github-actions github-actions Bot added the Rebuild Re-transpile JS & re-generate workflows label Mar 27, 2026
@henrymercer henrymercer added Rebuild Re-transpile JS & re-generate workflows and removed Rebuild Re-transpile JS & re-generate workflows labels Mar 27, 2026
@github-actions github-actions Bot removed the Rebuild Re-transpile JS & re-generate workflows label Mar 27, 2026
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented Mar 27, 2026

@henrymercer henrymercer marked this pull request as ready for review March 27, 2026 16:22
@henrymercer henrymercer requested a review from a team as a code owner March 27, 2026 16:22
Copilot AI review requested due to automatic review settings March 27, 2026 16:22
@github-actions github-actions Bot added the size/XS Should be very easy to review label Mar 27, 2026
@henrymercer henrymercer enabled auto-merge March 27, 2026 16:22
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR merges release-branch changes from releases/v4 into releases/v3, producing a v3 patch release that updates dependencies and corrects overlay-related Git version requirements.

Changes:

  • Bump action version to 3.35.1 and update the changelog entry for the patch release.
  • Update the minimum Git version required for overlay/improved incremental analysis to 2.36.0.
  • Bump node-forge to ^1.4.0 and regenerate distribution files in lib/.

Reviewed changes

Copilot reviewed 15 out of 16 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/git-utils.ts Updates overlay minimum Git version constant and related inline documentation/comments.
package.json Bumps action version to 3.35.1 and updates node-forge dependency to ^1.4.0.
package-lock.json Updates lockfile to reflect dependency/version changes (but version metadata currently mismatches package.json).
CHANGELOG.md Adds 3.35.1 release notes describing the Git minimum version correction.
lib/upload-sarif-action.js Regenerated distribution output reflecting the new action version.
lib/upload-sarif-action-post.js Regenerated distribution output reflecting the new action version.
lib/upload-lib.js Regenerated distribution output reflecting the new action version.
lib/start-proxy-action.js Regenerated distribution output (includes updated bundled node-forge).
lib/start-proxy-action-post.js Regenerated distribution output reflecting the new action version.
lib/setup-codeql-action.js Regenerated distribution output reflecting the new action version.
lib/resolve-environment-action.js Regenerated distribution output reflecting the new action version.
lib/init-action.js Regenerated distribution output reflecting the new action version and updated Git minimum constant.
lib/init-action-post.js Regenerated distribution output reflecting the new action version.
lib/autobuild-action.js Regenerated distribution output reflecting the new action version.
lib/analyze-action.js Regenerated distribution output reflecting the new action version.
lib/analyze-action-post.js Regenerated distribution output reflecting the new action version.

Comment thread src/git-utils.ts
Comment on lines +264 to +265
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is inaccurate: --stage itself predates Git 2.36.0; the 2.36.0 requirement is about the compatibility of git ls-files --recurse-submodules with --stage (and needing OIDs in the output). Please reword this to reflect the actual constraint so future readers don’t infer that --stage was introduced in 2.36.0.

Copilot uses AI. Check for mistakes.
@henrymercer henrymercer merged commit 5c8a8a6 into releases/v3 Mar 27, 2026
221 checks passed
@henrymercer henrymercer deleted the backport-v3.35.1-c10b8064d branch March 27, 2026 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@henrymercer henrymercer henrymercer approved these changes

Assignees

@henrymercer henrymercer

Labels

size/XS Should be very easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@henrymercer @mbg